Currently there are two main types of technologies offering alternative methods of unique product item identification, such as EPCs, namely:                2D optical barcodes, and        RFID.        
A 2D optical barcode consists of a composite image that can store about 2,000 bytes of data along two dimensions. The Uniform Code Council and European Article Numbering (EAN) International have standardized a range of 2D barcodes, all with a significantly larger data capacity than the existing EPC.
2D optical barcodes are now widely used in the global pharmaceutical industry. In the United States, the Food and Drug Administration (FDA) has mandated their use on all pharmaceutical goods manufactured within its jurisdiction to identify product lines. The main advantage driving their acceptance is that they are inexpensive to produce.
The main disadvantage of 2D optical barcodes is that they are often difficult to read due to label damage and a direct ‘line-of-sight’ is needed for scanning. In addition to this, 2-D optical barcodes are unsightly and therefore detrimental to the packaging of the product. This problem is exacerbated in the case of pharmaceuticals, which generally use small packaging, but require a relatively large bar-code which can therefore obscure a substantial part of the packaging.
In the case RFID tags, these can again provide unique product item identification encoded in the form of an EPC. However, there are also some disadvantages that make RFID tags unsuitable for some products.
First, RFID tags are costly to produce. Secondly, the presence of metals, liquids and other electromagnetic frequency (EMF) signals can interfere with RFID tag scanners, and thus seriously jeopardize the reliability and integrity of the RFID system. Thirdly tags can be read remotely without knowledge of the tag holder, thereby raising privacy concerns.
Surface Coding Background
The netpage surface coding consists of a dense planar tiling of tags. Each tag encodes its own location in the plane. Each tag also encodes, in conjunction with adjacent tags, an identifier of the region containing the tag. This region ID is unique among all regions. In the netpage system the region typically corresponds to the entire extent of the tagged surface, such as one side of a sheet of paper.
The surface coding is designed so that an acquisition field of view large enough to guarantee acquisition of an entire tag is large enough to guarantee acquisition of the ID of the region containing the tag. Acquisition of the tag itself guarantees acquisition of the tag's two-dimensional position within the region, as well as other tag-specific data. The surface coding therefore allows a sensing device to acquire a region ID and a tag position during a purely local interaction with a coded surface, e.g. during a “click” or tap on a coded surface with a pen.
The use of netpage surface coding is described in more detail in the following copending patent applications, U.S. Ser. No. 10/815,647, entitled “Obtaining Product Assistance” filed on 2 Apr. 2004; and U.S. Ser. No. 10/815,609, entitled “Laser Scanner Device for Printed Product Identification Cod” filed on 2 Apr. 2004.
Cryptography Background
Cryptography is used to protect sensitive information, both in storage and in transit, and to authenticate parties to a transaction. There are two classes of cryptography in widespread use: secret-key cryptography and public-key cryptography.
Secret-key cryptography, also referred to as symmetric cryptography, uses the same key to encrypt and decrypt a message. Two parties wishing to exchange messages must first arrange to securely exchange the secret key.
Public-key cryptography, also referred to as asymmetric cryptography, uses two encryption keys. The two keys are mathematically related in such a way that any message encrypted using one key can only be decrypted using the other key. One of these keys is then published, while the other is kept private. They are referred to as the public and private key respectively. The public key is used to encrypt any message intended for the holder of the private key. Once encrypted using the public key, a message can only be decrypted using the private key. Thus two parties can securely exchange messages without first having to exchange a secret key. To ensure that the private key is secure, it is normal for the holder of the private key to generate the public-private key pair.
Public-key cryptography can be used to create a digital signature. If the holder of the private key creates a known hash of a message and then encrypts the hash using the private key, then anyone can verify that the encrypted hash constitutes the “signature” of the holder of the private key with respect to that particular message, simply by decrypting the encrypted hash using the public key and verifying the hash against the message. If the signature is appended to the message, then the recipient of the message can verify both that the message is genuine and that it has not been altered in transit.
Secret-key can also be used to create a digital signature, but has the disadvantage that signature verification can also be performed by a party privy to the secret key.
To make public-key cryptography work, there has to be a way to distribute public keys which prevents impersonation. This is normally done using certificates and certificate authorities. A certificate authority is a trusted third party which authenticates the association between a public key and a person's or other entity's identity. The certificate authority verifies the identity by examining identity documents etc., and then creates and signs a digital certificate containing the identity details and public key. Anyone who trusts the certificate authority can use the public key in the certificate with a high degree of certainty that it is genuine. They just have to verify that the certificate has indeed been signed by the certificate authority, whose public key is well-known.
To achieve comparable security to secret-key cryptography, public-key cryptography utilises key lengths an order of magnitude larger, i.e. a few thousand bits compared with a few hundred bits.